安装
1. 安装服务
# Install the RabbitMQ broker from the distribution's package repository (run as root).
apt install rabbitmq-server
2. 开启ssl
1. 配置密钥
a. 下载 easyrsa
b. 解压并配置key
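# Unpack the EasyRSA release downloaded in the previous step. Check the archive
# against the checksum or signature published with the release before using it.
tar -zxf EasyRSA-3.2.2.tgz
cd EasyRSA-3.2.2/
# Initialise an empty PKI directory (./pki).
./easyrsa init-pki
# Create the CA. "nopass" leaves the CA private key unencrypted on disk, so anyone
# who can read pki/private/ca.key can issue certificates that clients of this CA
# will trust. Drop "nopass" or keep this directory on a restricted host.
./easyrsa build-ca nopass
# Issue the server certificate and key under the name "rabbitmq". The key is
# unencrypted, and the rabbitmq.conf shown on this page sets no key password.
./easyrsa build-server-full rabbitmq nopass
# Issue a client certificate. The broker only checks it when ssl_options.verify
# is set to verify_peer in rabbitmq.conf.
./easyrsa build-client-full client nopass
# Copy the CA certificate, server key and server certificate to the directory
# referenced by rabbitmq.conf. cp with several sources fails if the target
# directory does not exist, so create it first.
mkdir -p /etc/rabbitmq/ssl
cp pki/ca.crt pki/private/rabbitmq.key pki/issued/rabbitmq.crt /etc/rabbitmq/ssl
# The server key is unencrypted, so file permissions are its only protection.
# Files copied as root are owned by root; the broker account must be able to
# read them. "rabbitmq" is the account the Debian/Ubuntu package normally uses;
# adjust if yours differs.
chown -R rabbitmq:rabbitmq /etc/rabbitmq/ssl
chmod 700 /etc/rabbitmq/ssl
chmod 600 /etc/rabbitmq/ssl/rabbitmq.key
# Add the TLS settings to the broker configuration.
vim /etc/rabbitmq/rabbitmq.conf
# Build the trust store for the Java client. This pins the server certificate
# itself; importing pki/ca.crt instead would trust every certificate issued by
# this CA. -storetype PKCS12 matches the trust-store-type in the Spring Boot
# configuration. "000000" is a sample password: choose your own and keep the
# client configuration in sync with it.
keytool -import -alias rabbitmq -file pki/issued/rabbitmq.crt -keystore trust_store.jks -storetype PKCS12 -storepass "000000" -noprompt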
vars参考配置
# Reference EasyRSA "vars" file: subject fields and key/expiry policy for the PKI.
# The quoted subject values below are placeholders to be replaced with real data.
set_var EASYRSA_REQ_COUNTRY "CN"
set_var EASYRSA_REQ_PROVINCE "省份拼音"
set_var EASYRSA_REQ_CITY "城市拼音"
set_var EASYRSA_REQ_ORG "组织机构"
set_var EASYRSA_REQ_EMAIL "联系邮箱"
set_var EASYRSA_REQ_OU "Organizational Unit"
# Set no password mode - This will create the entire PKI without passwords.
# This can be better managed by choosing which entity private keys should be
# encrypted with the following command line options:
# Global option '--no-pass' or command option 'nopass'.
#
# NOTE(review): with this set to 1 the CA private key is also stored unencrypted.
# Consider leaving it unset and passing 'nopass' only for the server/client keys
# that a service must read unattended.
set_var EASYRSA_NO_PASS 1
#set_var EASYRSA_ALGO rsa
# Use elliptic-curve keys instead of the commented-out rsa choice above.
set_var EASYRSA_ALGO ec
# Define the named curve, used in ec & ed modes:
#
# secp384r1 is the NIST P-384 curve.
set_var EASYRSA_CURVE secp384r1
# In how many days should the root CA key expire?
#
# 3650 days is roughly ten years.
set_var EASYRSA_CA_EXPIRE 3650
# In how many days should certificates expire?
#
# NOTE(review): this replaces the commented-out 825 with 3650 days, so issued
# server and client certificates live as long as the CA. A leaked nopass key
# then stays usable for about ten years unless the certificate is revoked and
# clients check revocation; a shorter lifetime with renewal limits that window.
#set_var EASYRSA_CERT_EXPIRE 825
set_var EASYRSA_CERT_EXPIRE 3650
rabbitmq配置参考
# TLS listener port.
# NOTE(review): adding a TLS listener does not by itself turn off the plaintext
# AMQP listener; set listeners.tcp = none if clients must use TLS only.
listeners.ssl.default = 25671
# Certificate files: CA certificate, server certificate and server private key.
# The key file is unencrypted (generated with nopass), so it should be readable
# only by the account the broker runs as.
ssl_options.cacertfile = /etc/rabbitmq/ssl/ca.crt
ssl_options.certfile = /etc/rabbitmq/ssl/rabbitmq.crt
ssl_options.keyfile = /etc/rabbitmq/ssl/rabbitmq.key
# Whether to verify the client certificate: verify_none = do not verify,
# verify_peer = verify.
# NOTE(review): with verify_none the connection is encrypted but clients are
# authenticated only by username and password. To require client certificates,
# use verify_peer together with ssl_options.fail_if_no_peer_cert = true.
ssl_options.verify = verify_none
2. springboot配置参考
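# Spring Boot client settings for the TLS listener configured in rabbitmq.conf.
# Nesting restored: every key below belongs under spring.rabbitmq, and the
# TLS keys under spring.rabbitmq.ssl.
spring:
  rabbitmq:
    host: 192.168.1.16
    # Must match listeners.ssl.default on the broker.
    port: 25671
    # Sample credentials; keep real ones out of files committed to source
    # control (for example, supply them through environment-specific config).
    username: dev
    password: dev
    virtual-host: /dev
    ssl:
      enabled: true
      # Trust store created with keytool; it holds the broker certificate.
      trust-store: classpath:trust_store.jks
      # Must equal the -storepass value used when the store was created.
      trust-store-password: "000000"
      # The store must actually be in this format; recent JDK keytool versions
      # write PKCS12 by default even when the file is named .jks.
      trust-store-type: PKCS12
      # NOTE(review): false disables hostname verification, so any certificate
      # accepted by the trust store is accepted for any host. The server
      # certificate above is issued for the name "rabbitmq" while the client
      # connects to an IP address; to turn this on, issue the server certificate
      # with a subjectAltName matching the address the client uses.
      verify-hostname: false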